ACSC Essential Eight – Compliance and Audit


Your Essential Eight Journey

Nortec have certified ACSC Essential Eight Accredited Engineers. We can help you both prepare for and then assess your Essential Eight Readiness and Compliance.

The ACSC Essential Eight isn’t just a checklist; it’s a compass for Australian businesses to navigate the ever-changing cyber landscape. Understanding the essential eight and the differences between the Levels empowers businesses to chart their own course, building progressively stronger defenses and becoming increasingly resilient against cyber threats. Remember, even the smallest steps towards improved security can significantly enhance your cybersecurity posture and safeguard your valuable data and operations.

Essential-Eight Compliance
What We Offer

Essential Eight Solutions

Essential Eight Preparation

Implementing the ACSC Essential Eight is not foolproof, but it significantly raises the bar for attackers, making it much harder and more time-consuming to breach your defenses. Have your IT team work with us to bring you up to your preferred Essential Eight Level.

Essential Eight Implementation

If you are starting out on your ACSC Essential Eight Journey, we have tailored Managed Solutions which we can implement to help you achieve your targeted Essential Eight Level.

Essential Eight Compliance Audit

Our Accredited Assessors have been trained to perform comprehensive ACSC Essential Eight (E8) Audits at all levels. E8 Assessments are completed level by level: you are initially assessed on Level One, then on Levels Two and Three.

What is the ACSC Essential Eight

The ACSC Essential Eight is a set of eight baseline cybersecurity mitigation strategies developed by the Australian Cyber Security Centre (ACSC) to help organizations protect themselves from various cyber threats. These strategies are considered the most effective starting point for any organization looking to improve their cybersecurity posture. 

The Essential Eight strategies are:

  • Application Control: Preventing the execution of unauthorized or malicious programs.
  • Patch Applications: Regularly patching software vulnerabilities in applications like web browsers, PDF readers, and office suites.
  • Configure Microsoft Office Macro Settings: Blocking or limiting the use of macros in Microsoft Office documents to prevent macro-based malware.
  • User Application Hardening: Configuring web browsers and other applications to block Flash, Java, and other vulnerable plugins.
  • Restrict Administrative Privileges: Limiting the number of users with administrative access to systems and applications.
  • Patch Operating Systems: Regularly patching vulnerabilities in operating systems like Windows, macOS, and Linux.
  • Multi-Factor Authentication: Implementing multi-factor authentication for all users, especially for privileged accounts.
  • Regular Backups: Regularly backing up important data and systems and ensuring that backups are stored securely and can be restored quickly.

Essential Eight Levels

Understanding the differences between the Levels empowers businesses to chart their own course, building progressively stronger defenses and becoming increasingly resilient against cyber threats. Remember, even the smallest steps towards improved security can significantly enhance your cybersecurity posture and safeguard your valuable data and operations.

Level 0: Unprotected


Level 1: The Basics

At Level One, basic defenses are erected. Think of it as raising the drawbridge and closing the first gate. Businesses patch critical applications and operating systems, implement multi-factor authentication for some accounts, and restrict some administrative privileges. While this marks a significant improvement, vulnerabilities remain due to incomplete control implementation, weak user passwords, and potential gaps in application control.

Level 2: Strengthening


Level 3: Impregnable

Reaching Level Three signifies a formidable fortress. Microsoft Office macros are disabled, regular backups are automated, and user application hardening is optimized. This level reflects a proactive approach to cyber defense, minimizing vulnerabilities and maximizing system resilience. However, even the most secure systems require constant vigilance, so continuous improvement and adaptation to evolving threats remain crucial.

Free Essential Eight Readiness Check
